Encrypted root questions

[Tim Darby <t+dfbsd@xxxxxxxxxxxx>]

I'm trying to set up an encrypted root filesystem with disk A containing /boot and swap and disk B containing the encrypted root.  Having never done this before, I figured I'd use /share/examples/rconfig/encrypted_root.sh as a guide.  However, I ran into a couple of snags, so maybe someone can tell me what I'm doing wrong.

First, this command appears to have a typo:

cryptsetup -y luksFormat /dev/${disk}s1 <== shouldn't this be "s1d"?

Second, in these lines for loader.conf:

dm_load="YES"

initrd.img_load="YES"

initrd.img_type="md_image"

vfs.root.mountfrom="ufs:md0s0"

vfs.root.realroot="crypt:hammer:/dev/${disk}s1d:root"

This failed for me during boot right after it prompted me for the passphrase. Eventually, I realized that it was not able to find dm_target_crypt.ko at the point where it was trying to open the encrypted filesytem and I was only able to get the machine to successfully boot all the way by adding the line:

dm_target_crypt_load="YES"

I'm also interested in encrypted swap. Is there anything tricky about setting that up?

Thanks,

Tim